DDOS attack

[Araxes]

Man this is getting super annoying. Two DC's and not even half through the dungeon yet.

[Oichi]

Yeah is super bad in Eu right now. We got dc'd 5 times at the last boss in Dalriada. Not only we wiped each time, of course, but we just timed out of the raid. Sighs. I am so sorry for the first timers we had.

[UkcsAlias]

Did SE have warning that they were particularly vulnerable to a DDOS

If they thought they never had the warning, then that is a major issue. Any sane network developer will know that a ddos cannot be prevented unless the design of the internet gets changed massively (in both protocol and laws, and globaly). You can only mitigate up to a certain point as default, since every step above it costs money. You can reserve a bit to handle it (as in always having some backup servers available that you can hire, that a lot of companies can revert to if they have issues), but in most cases, its just a money/risk balance. Where money nearly always wins.

Even google faces ddos attacks. And very severe ones. Attacks at a scale that would not just kick you out of the game, you cannot even get the launcher to connect. Google however has a capacity that is magnitudes higher, they have to deliver a service to 2 billion people at once, instead of at peak times 200k. Note that the PSN has been down for a very long time at once because of a ddos. 2 weeks of having absolutely no way of getting online.

There is just no reason for SE to prepare before the attack, as it takes only a single test to know if a ddos works or not. And if not, pay more to scale it up. The ddos providers can reach terrabytes/s worth of data easily as they dont need this speed themselve, they only need a botnet large enough. Yet when defending, the only way to defend it is by making it possible to catch that number of traffic and spread it out enough so it can be processed (and discarded if its part of the ddos). If they protected against 200Mb/s, as ddosser you test just linearly in scale upward. first 100, then 200, and at 300 you see success so you stop scaling. If mitigation takes it to 400, you just continue testing upward and at 500 you again win. You are only restricted by the size of the botnet.

(and yes, ddosses are often measured in requests per second, but for the argument its still the same)

[AmonSul]

I am afraid that is not true.
DDoS attacks affect the servers and their network connections. This is independent of which type of client a player uses.

I only have anecdotal evidence (I know that proves nothing), but at least in our FC on EU data center with 30-40 ppl online when the DDoS hit us yesterday and today only PC players got disconnected again and again while PS4/5 players only experienced lags, but stayed connected all the time.

Also not sure why. Maybe they have a different lobby server or use partly Sony IT infrastructure for connection handling and these parts are not attacked?

And they definitely implemented connection handling a little bit different on PS4/5 than on PC. E.g. PS users can see on their friend list in the game who else plays on PS4/5 since they can see a little PS logo in the list that we do not see on PC. That is also why our PS users are very sure about that PS4/5 players stayed connected and only saw PC user got disconnected.

[Kuroka]

Could be them just being routed differently and thus not as affected.

[AmonSul]

In my FC is even a IRL couple sitting next to each other in the same room. Husband plays on PC and wife on PS5. You should assume they use the same route to SE servers with same ISP. PC got disconnected and PS5 lag and stayed connected. And that through all the DDOS attacks.
Well could be still coincidence since the sample size is too small. ¯\_(ツ)_/¯

[Myrany]

Do we know that this is still the DDOS and not various internet nodes and service providers having issues because of the Solar Flares happening right now?

[AmonSul]

No, not for sure. But Swedish national TV broadcaster SVT streamed the current ongoing live event "Den stora älgvandringen" (the great moose migration) flawlessly during the Solar Flares to the internet. You can see some aurora borealis in live stream around 0:29 am today. For them it did not seemed to be a huge problem. SVT also use Arelion/Twelve99 as ISP btw, the same company that also SE uses for its EU servers.

[Raven2014]

As far as I know there is only one company in the world that is known to be immune to DDOS attack ... and it is Amazon. First, because Amazon is in the business of selling server so they naturally they always have a large reserve capacity. Secondly, and probably more importantly, they did the math and see that they stand to lose hundred of millions for each minutes the website is down, or even billions if it's during holiday season. I think in the past Amazon came under concentrate attack for a straight 3 days, then the attackers gave up because Amazon's servers just shrug it off. I have never heard similar thing from any other tech companies. The joke is you can't DDOS Amazon, because the massive amount of business they process at any given moment means they're already ALWAYS DDOSed by their actual customers.

But in case if anyone wondering why there is no business incentive to preemptively stop DDOS attack ... just looks at amazon to see how big such incentive needs to be.

[Kes13a]

As far as I know there is only one company in the world that is known to be immune to DDOS attack ... and it is Amazon. First, because Amazon is in the business of selling server so they naturally they always have a large reserve capacity. Secondly, and probably more importantly, they did the math and see that they stand to lose hundred of millions for each minutes the website is down, or even billions if it's during holiday season. I think in the past Amazon came under concentrate attack for a straight 3 days, then the attackers gave up because Amazon's servers just shrug it off. I have never heard similar thing from any other tech companies. The joke is you can't DDOS Amazon, because the massive amount of business they process at any given moment means they're already ALWAYS DDOSed by their actual customers.

But in case if anyone wondering why there is no business incentive to preemptively stop DDOS attack ... just looks at amazon to see how big such incentive needs to be.

yeah, in this one instance I would agree with the thought that some have here that SE is a "small indie company" in comparison. Amazon = $514 billion annually and SE...$2.49 billion... Amazon makes it money doing many sales online and SE doesnt, not many companies need that kind of "protection" against these kind of attacks. though, does Amazon have a real defense, or are they servers just much more robust because of the volume they need to handle on a normal basis?